VYPR

Dedecms

by Dedecms

CVEs (169)

  • CVE-2018-16786 | Med | Sep 21, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php.

  • CVE-2025-6335 | Med | Jun 20, 2025
    risk 0.31 | cvss 4.7 | epss 0.07

    A vulnerability was found in DedeCMS up to 5.7.2 and classified as critical. This issue affects some unknown processing of the file /include/dedetag.class.php of the component Template Handler. The manipulation of the argument notes leads to command injection. The attack may be…

  • CVE-2023-3578 | Jul 10, 2023
    risk 0.06 | cvss | epss 0.03

    A vulnerability classified as critical was found in DedeCMS 5.7.109. Affected by this vulnerability is an unknown functionality of the file co_do.php. The manipulation of the argument rssurl leads to server-side request forgery. The exploit has been disclosed to the public and…

  • CVE-2015-4553 | Jan 6, 2020
    risk 0.06 | cvss | epss 0.57

    A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users to get a shell.

  • CVE-2018-20129 | Dec 13, 2018
    risk 0.06 | cvss | epss 0.08

    An issue was discovered in DedeCMS V5.7 SP2. uploads/include/dialog/select_images_post.php allows remote attackers to upload and execute arbitrary PHP code via a double extension and a modified ".php" substring, in conjunction with the image/jpeg content type, as demonstrated by…

  • CVE-2023-2928 | May 27, 2023
    risk 0.05 | cvss | epss 0.51

    A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file uploads/dede/article_allowurl_edit.php. The manipulation of the argument allurls leads to code injection. The attack can…

  • CVE-2020-27533 | Oct 22, 2020
    risk 0.03 | cvss | epss 0.03

    A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages.

  • CVE-2011-5200 | Sep 23, 2012
    risk 0.03 | cvss | epss 0.02

    Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) list.php, (2) members.php, or (3) book.php.

  • CVE-2009-3806 | Oct 27, 2009
    risk 0.03 | cvss | epss 0.03

    SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter.

  • CVE-2024-57241 | Feb 11, 2025
    risk 0.02 | cvss | epss 0.01

    Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In the web application, a logic error does not judge the input GET request resulting in URL redirection.

  • CVE-2019-8933 | Feb 19, 2019
    risk 0.02 | cvss | epss 0.03

    In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template…

  • CVE-2023-36298 | Aug 3, 2023
    risk 0.01 | cvss | epss 0.01

    DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE).

  • CVE-2022-35516 | Aug 17, 2022
    risk 0.01 | cvss | epss 0.02

    DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php.

  • CVE-2022-34531 | Jul 29, 2022
    risk 0.01 | cvss | epss 0.23

    DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_ main.php.

  • CVE-2022-23337 | Feb 14, 2022
    risk 0.01 | cvss | epss 0.02

    DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter.

  • CVE-2018-18608 | Oct 23, 2018
    risk 0.01 | cvss | epss 0.03

    DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php,…

  • CVE-2026-29839 | Mar 24, 2026
    risk 0.00 | cvss | epss 0.00

    DedeCMS v5.7.118 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability in /sys_task_add.php.

  • CVE-2026-30694 | Mar 19, 2026
    risk 0.00 | cvss | epss 0.01

    An issue in DedeCMS v.5.7.118 and before allows a remote attacker to execute arbitrary code via the array_filter component.

  • CVE-2024-30855 | Dec 29, 2025
    risk 0.00 | cvss | epss 0.00

    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/makehtml_list_action.php.

  • CVE-2025-5137 | May 25, 2025
    risk 0.00 | cvss | epss 0.00

    A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the file dede/sys_verifies.php?action=getfiles of the component Incomplete Fix CVE-2018-9175. The manipulation of the argument refiles leads to code injection. It…
